In graph transformation, a conflict describes a situation where two alternative transformations cannot
be arbitrarily serialized. When enriching graphs with attributes, existing conflict detection techniques 
typically report a conflict whenever at least one of two transformations manipulates a shared attribute. 
In this paper, we propose an improved, less conservative condition for static conflict detection of 
graph transformation with attributes by explicitly taking the semantics of the attribute operations into 
account. The proposed technique is based on symbolic graphs, which extend the traditional notion 
of graphs by logic formulas used for attribute handling. The approach is proven complete, i.e., any 
potential conflict is guaranteed to be detected. 


1 Introduction 

According to the Model-Driven Engineering (MDE) principle, systems under design are represented by 
graph-based models. The change and evolution of such models is frequently described by the declarative, 
rule-based approach of graph transformation [4, 13]. However, models arising in real-world application 
scenarios typically contain numerical as well as textual attributes in addition to the graph-based structure. 
For this purpose, an extension to graph transformation is required, being capable of representing and 
manipulating attributes of nodes and edges. 

A major challenge in graph transformation is to statically analyse possible conflicts between rule 
applications. The goal of conflict detection is to check if two graph transformation rules, both potentially 
applicable concurrently on the same input graph, are in any case arbitrarily serializable, i.e., if the two 
possible execution sequences result in the same (or at least two isomorphic) output graph(s). 

Critical Pair Analysis (CPA) is a common static analysis technique for conflict detection, defining a 
process of pairwise testing a set of graph transformation rules for possible conflicts [4]. Unfortunately, 
a naive adoption of CPA to graph transformation with attributes is too strict: whenever an attribute is 
modified by a rule application, and another rule application is also accessing the same attribute, they are 
immediately considered to be in conflict [7]. 

In this paper, we propose an improved, less conservative condition for static conflict detection of
graph transformation with attributes by explicitly taking the semantics of the attribute operations into
account. In particular, we make the following contributions:

• We define direct confluence as an appropriate conflict condition for graph transformation with
attributes based on symbolic graphs, which reduces the number of false positives compared to
existing conflict detection approaches. Using symbolic graphs further allows for an effective
implementation of the proposed approach using a combination of graph transformation tools and
off-the-shelf SMT solvers.

• We prove that our approach is still complete [4], i.e., any potential conflict is guaranteed to be
detected.

The paper is organized as follows: the basic concepts and definitions are introduced in Section 2.
Section 3 proposes direct confluence as an improved conflict condition for rules with attributes and, based
on that, conflicting pairs are defined. In Section 4, the procedure for identifying conflicts is presented
and proven complete. Section 5 surveys related work and Section 6 concludes the paper.


2 Preliminaries 


In this section, we recapitulate the notions of symbolic graphs and symbolic graph transformation [11]
that are used as a framework for our approach. Before getting into details of symbolic attributed graphs,
we first define graphs and graph transformation without attributes.

Definition 1 (Graphs and Graph Morphisms). A graph $G = (V_G, E_G, s_G, t_G)$ is a tuple consisting of a
set of graph nodes $V_G$, a set of graph edges $E_G$, and the source and target functions $s_G, t_G : E_G \to V_G$,
respectively. A graph morphism $f = (f_V, f_E) : G \to H$, for mapping a graph G to a graph H, consists of
two functions $f_V : V_G \to V_H$ and $f_E : E_G \to E_H$ preserving the source and target functions:
$f_V \circ s_G = s_H \circ f_E$ and $f_V \circ t_G = t_H \circ f_E$. A graph morphism is a monomorphism if $f_V$ and $f_E$ are
injective functions. A graph morphism is an isomorphism if $f_V$ and $f_E$ are bijective functions.

Based on this definition of graphs, graph transformation relies on the notion of pushouts. A pushout
has the following meaning (in the category of graphs): given three graphs A, B, C and two morphisms
$f : A \to B$, $g : A \to C$, their pushout consists of the pushout object P and two morphisms $g' : B \to P$,
$f' : C \to P$, where P is the gluing of B and C along the elements of A, the latter being, in a way, present in
both as $f(A)$ and $g(A)$, respectively. Correspondingly, pullbacks are the counterpart of pushouts. Given
three graphs B, C, P and two morphisms $g' : B \to P$, $f' : C \to P$, their pullback consists of the pullback
object A and the morphisms $f : A \to B$, $g : A \to C$, where A can be seen as the intersection of B and C,
i.e., the elements of B and C which are overlapping in P.

In the following, we use the double pushout (DPO) approach to define graph transformation [4, 13].

Definition 2 (Graph Transformation Rule). A graph transformation rule r in the DPO approach consists
of a left-hand side (LHS) graph L, an interface graph K, and a right-hand side (RHS) graph R and the
morphisms $l : K \to L$ and $r : K \to R$.

An application of rule r to a graph G is defined by the two pushouts (1) and (2) in the diagram below:

    L <---l--- K ---r---> R
    |          |          |
    m   (1)    |   (2)    m'
    |          |          |
    v          v          v
    G <------- D -------> H

A rule is applied by first identifying a match $m : L \to G$ of the left-hand side L in graph G. In the
next step, the context graph D is obtained by removing all elements in G which are identified by match
m, but are not contained in the interface K. The result of the rule application, H, is obtained by adding
all elements of the right-hand side R to the context D which do not have a pre-image in the interface K.

A direct derivation of rule r at match m, denoted as $G \stackrel{r,m}{\Longrightarrow} H$, is the single step from graph G to graph
H derived by applying rule r to graph G at the match m.

Until now, we have limited our discussion to plain graphs, i.e., graphs incapable of expressing
attributes such as integer variables with corresponding operations. As a first step towards graphs with
attributes, we extend their definition to E-graphs [4]. An E-graph is a graph extended by special kinds of
label nodes ($V_D$) and edges ($E_{VL}$ and $E_{EL}$ for node and edge attribution, respectively) used for carrying
the attribute values.

Definition 3 (E-graphs and E-graph Morphisms [4]). An E-graph $EG = (G, D)$ is a tuple consisting of
a graph G and a labeling part $D = (V_D, E_{VL}, E_{EL}, s_{VL}, t_{VL}, s_{EL}, t_{EL})$ with a set of label nodes $V_D$, two
sets of edges $E_{VL}$ and $E_{EL}$ for node and edge labeling, respectively, and the source and target functions
$s_{VL} : E_{VL} \to V_G$, $t_{VL} : E_{VL} \to V_D$, $s_{EL} : E_{EL} \to E_G$ and $t_{EL} : E_{EL} \to V_D$ assigning the label nodes to the
graph nodes and edges, respectively.

An E-graph morphism $h = (h_G, h_D, h_{VL}, h_{EL})$ consists of a graph morphism $h_G$ and three functions
$h_D$, $h_{VL}$, $h_{EL}$ mapping the label nodes and the labeling edges while preserving source and target functions.
An E-graph morphism is a monomorphism (isomorphism) if its functions are injective (bijective).

In the following, we omit the E- prefix and denote E-graphs using e.g. G instead of EG. 

The construction of E-graphs contains labels as placeholders for attribute values. In order to be
able to define and manipulate those attribute values, we employ a data algebra. A data algebra $\mathcal{D}$ is a
signature $\Sigma$ consisting of symbols for sorts, functions and predicates; and a mapping of these symbols to
sets and functions, assigning meaning to the symbols. For the examples, we use the algebra of natural
numbers with addition and equality. This algebra consists of the sort symbol $\mathbb{N}$ representing the (infinite)
set of natural numbers, the binary function symbol '+' mapped to addition with the usual meaning, and
the binary predicate symbol '=' defined by the equality relation on $\mathbb{N}$. For further details we refer to [5].

The concept of symbolic graphs has been introduced recently to combine the concept of E-graphs
for representing attributes and data algebras for the values of those attributes. This way, symbolic graphs
provide a convenient representation of graphs with attributes [11]. In particular, a symbolic graph is
an E-graph whose label nodes contain variables and the values of these variables are constrained by a
first-order logic formula, also being part of the symbolic graph.

Given a $\Sigma$-algebra $\mathcal{D}$ and a set of variables X, a first-order logic formula is built from the variables in
X, the function and predicate symbols in $\Sigma$, the logic operators $\vee, \wedge, \neg, \Rightarrow, \Leftrightarrow$, the constants true and false
and the quantifiers $\forall$ and $\exists$ in the usual way [14]. A variable assignment $a : X \to \mathcal{D}$ maps the variables
$x \in X$ to a value in $\mathcal{D}$. A first-order logic formula $\Phi$ is evaluated for a given assignment a by first
replacing all variables in $\Phi$ according to the assignment a and evaluating the functions and predicates
according to the algebra, and the logic operators. We write $\mathcal{D}, a \models \Phi$ if and only if $\Phi$ evaluates to true
for the assignment a; and $\mathcal{D} \models \Phi$, if and only if $\Phi$ evaluates to true for all assignments.

Definition 4 (Symbolic Graphs and Symbolic Graph Morphisms [11]). A symbolic graph $SG = (G, \Phi_G)$
consists of an E-graph G and a first-order logic formula $\Phi_G$ over a given data algebra $\mathcal{D}$, using the label
nodes of G as variables and elements of $\mathcal{D}$ as constants.

A symbolic graph morphism $h : (G, \Phi_G) \to (H, \Phi_H)$ is an E-graph morphism $h : G \to H$ such that
$\mathcal{D} \models \Phi_H \Rightarrow h_\Phi(\Phi_G)$, where $h_\Phi(\Phi_G)$ is the first-order logic formula obtained when replacing each variable x in
formula $\Phi_G$ as defined by the mapping for the label nodes $h_D(x)$. The symbolic graphs $SG_1 = (G_1, \Phi_1)$
and $SG_2 = (G_2, \Phi_2)$ are isomorphic if there is a symbolic graph morphism $h : SG_1 \to SG_2$ that is an
E-graph isomorphism and $\mathcal{D} \models h_\Phi(\Phi_1) \Leftrightarrow \Phi_2$.

Figure 1: Example of a Grounded Symbolic Graph and a (Non-Grounded) Symbolic Graph.
(a) Grounded Symbolic Graph, with formula $\{\ldots \wedge c_{41} = 41 \wedge c_{42} = 42 \wedge c_{43} = 43 \wedge \ldots\}$;
(b) Symbolic Graph, with formula $\Phi_2 : \{x \le 42\}$.

As the variables and, thus, the attribute values are determined by a first-order logic formula, a
symbolic graph can be seen as a class of grounded symbolic graphs (GSG). A grounded symbolic graph is
a symbolic graph where (i) each attribute value is constant, and (ii) for each value of the data algebra, it
contains a corresponding constant label node. A grounded symbolic graph is created by adding to the set
of label nodes a variable $c_v$ for each value v in $\mathcal{D}$, and extending the formula with the equation $c_v = v$,
which assigns a constant value to each constant variable.

Definition 5 (Grounded Symbolic Graph [11]). A symbolic graph $SG = (G, \Phi_G)$ with data algebra $\mathcal{D}$ is
grounded, denoted as if it includes a variable $c_v \in$ for each value $v \in \mathcal{D}$, and for each variable
assignment $a : V_D \to \mathcal{D}$ such that $\mathcal{D}, a \models \Phi_G$, it holds that $a(c_v) = v$.

A grounded symbolic graph is an instance of a symbolic graph SG via h if h is a symbolic graph
morphism from SG to the grounded symbolic graph, which is injective for all kinds of nodes and edges
except the label nodes.

Example 1 (Symbolic and Grounded Symbolic Graphs). Figure 1a shows a grounded symbolic graph
$SG_1 = (G_1, \Phi_1)$ consisting of a single graph node $n_1$ bearing an attribute carrying the variable $c_{42}$, and a
formula $\Phi_1$, constraining each variable $c_v$ to value $v \in \mathcal{D}$. The grounded symbolic graph contains an
infinite number of label nodes and corresponding equations as indicated by the '...' in Figure 1a.

Figure 1b shows the (non-grounded) symbolic graph $SG_2 = (G_2, \Phi_2)$ whose E-graph part is identical
to $G_1$. Consequently, there exists an E-graph morphism $h : G_2 \to G_1$ mapping nodes $n_2$ and x of $G_2$ to
nodes $n_1$ and $c_{42}$ of $G_1$, respectively. This morphism is a valid symbolic graph morphism as, according
to the mapping of the label nodes ($h_\Phi(c_{42}) = x$), the condition $\Phi_1 \Rightarrow h_\Phi(\Phi_2)$ can be simplified to
$(x = 42) \Rightarrow (x \le 42)$ which evaluates to true. Hence, the grounded symbolic graph $SG_1$ is an instance of the
symbolic graph $SG_2$.

Pushouts and pullbacks in symbolic graphs can be defined in terms of pushouts and pullbacks for
graphs [11]. More specifically, the symbolic morphisms $f : (A, \Phi_A) \to (B, \Phi_B)$ and $g : (A, \Phi_A) \to (C, \Phi_C)$
are a symbolic pushout $f' : (B, \Phi_B) \to (P, \Phi_P)$ and $g' : (C, \Phi_C) \to (P, \Phi_P)$ with pushout object $(P, \Phi_P)$
if $f'$ and $g'$ are a pushout in E-graphs and $\mathcal{D} \models (\Phi_P \Leftrightarrow (f'_\Phi(\Phi_B) \wedge g'_\Phi(\Phi_C)))$. A pullback is defined
analogously where the formula of the pullback object is given by the disjunction of $\Phi_B$ and $\Phi_C$.

A symbolic graph transformation rule is a graph transformation rule additionally equipped with a
first-order logic formula.

Definition 6 (Symbolic Graph Transformation Rule and Symbolic Direct Derivation [11]). A symbolic
graph transformation rule r is a pair $(L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R, \Phi)$, where $(L \stackrel{l}{\leftarrow} K \stackrel{r}{\rightarrow} R)$ is an E-graph transformation
rule and $\Phi$ is a single first-order logic formula shared by L, K and R. The E-graph morphisms l and r are
of a class $\mathcal{M}$ of morphisms injective for graph nodes and all kinds of edges and bijective for label nodes.

A symbolic direct derivation $SG \stackrel{r,m}{\Longrightarrow} SH$ is the application of a symbolic rule $r = (L \leftarrow K \rightarrow R, \Phi)$ on
the symbolic graph $SG = (G, \Phi_G)$ at match $m : (L, \Phi) \to SG$, resulting in the symbolic graph $SH = (H, \Phi_H)$,
where m is a symbolic graph morphism, which is injective for all kinds of nodes and edges except for the
label nodes and SH is produced as a DPO diagram in E-graphs.

Figure 2: Example of a Symbolic Direct Derivation

Fact 1 (Properties of Symbolic Direct Derivations [12]). The restrictions on morphisms l and r ensure
that for any symbolic direct derivation $SG \stackrel{r,m}{\Longrightarrow} SH$,

(i) the set of label nodes and the formula remain unaltered, i.e., $V_D =$ and $\mathcal{D} \models \Phi_G \Leftrightarrow \Phi_H$, and

(ii) if SG is grounded, then so is SH.

Note that (i) also implies coincidence on label nodes of the match $m : L \to SG$ and the comatch
$cm : R \to SH$, i.e., $m_D = cm_D$.

Although it seems counterintuitive at first glance that we require L, K and R to share the same
formula and set of label nodes, it does not mean that attribute values cannot be changed by a rule application,
since attribute values are modified by redirecting label edges.

Example 2 (Symbolic Graph Transformation Rule and Symbolic Direct Derivation). Figure 2 shows a
symbolic graph transformation rule $r = (L \leftarrow K \rightarrow R, \Phi)$ (depicted in the upper part). The rule takes
a graph node n that has at least one attribute (denoted by the label edge between n and label node x) and
increases it by one. This is achieved by introducing a new label node x' to represent the attribute value
after the rule application and constraining it to $x' = x + 1$ as defined by the formula $\Phi$. The attribute
value is changed from the old value x to the new value x' by first deleting the label edge between n and
the old value x and afterwards creating a new label edge assigning the new value x' to n. The result from
applying the rule to grounded symbolic graph SG is shown on the bottom of Figure 2. The only valid
mapping for match m to satisfy $\Phi_G \Rightarrow m_\Phi(\Phi)$ is to map x to $c_{42}$ and x' to $c_{43}$. Then the resulting direct
derivation $SG \stackrel{r,m}{\Longrightarrow} SH$ changes the attribute value from 42 (in grounded symbolic graph SG) to 43 in
grounded symbolic graph SH as expected.

In the following, we use symbolic graphs and symbolic graph transformation to present our approach.

3 A Conflict Notion for Graph Transformation with Attributes 

In this section, we present an improved detection technique for potential rule conflicts for graph
transformation with attributes. To this end, we define a notion of conflict on the level of direct derivations, and



Improved Conflict Detection for Graph Transformation with Attributes 


we review parallel dependence as an existing sufficient condition for our notion of conflict. Thereupon,
we show by means of an illustrative example that parallel dependence is too conservative especially in
an attributed setting, i.e., rejecting too many conflict-free direct derivations. To overcome these
deficiencies, we present a new condition, called direct confluence, that is sufficient for detecting conflicting
direct derivations, but less restrictive than parallel dependence. Finally, to reason about conflicts on the
rule level, we lift the direct confluence condition by defining conflicting pairs.

With the concept of conflicts, we grasp the situation where, given two rules ($r_1$ and $r_2$) applicable on
the same graph, we obtain different results depending on which rule is applied first. We characterize a
conflict in terms of two alternative direct derivations that cannot be arbitrarily serialized. In this case,
applying the second transformation after the first leads to a different result than vice versa.


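Definition 7 (Conflict). Given a grounded symbolic graph SG, the two alternative direct derivations
$SH_1 \stackrel{r_1,m_1}{\Longleftarrow} SG \stackrel{r_2,m_2}{\Longrightarrow} SH_2$ are a conflict if no direct derivations $SH_1 \stackrel{r_2,m_2'}{\Longrightarrow} SX_1$ and
$SH_2 \stackrel{r_1,m_1'}{\Longrightarrow} SX_2$ exist with $SX_1$ and $SX_2$ being isomorphic.

Note that since SG is grounded, $SH_1$, $SH_2$, $SX_1$ and $SX_2$ are grounded, too.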

This definition of conflicts leaves open how to practically determine that two given alternative direct 
derivations are a conflict. A corresponding condition to check if two direct derivations are a conflict is 
referred to as a conflict condition. 


3.1 Parallel Dependence as a Conflict Condition 

In the literature of graph transformation, a common conflict condition is the notion of parallel
dependence [13, 4]. Intuitively, two direct derivations are parallel dependent if they are mutually exclusive,
i.e., after one of the direct derivations, the other rule is not applicable anymore and/or vice versa. We
adapt the notion of parallel dependence to symbolic graphs as follows.

Definition 8 (Parallel Dependence). The symbolic direct derivations $(H_1, \Phi) \Longleftarrow (G, \Phi) \Longrightarrow (H_2, \Phi)$
are parallel dependent iff the direct (E-graph) derivations $H_1 \Longleftarrow G \Longrightarrow H_2$ are parallel dependent, i.e.,
there does not exist E-graph morphism $i : L_1 \to D_2$ or $j : L_2 \to D_1$ such that $m_1 = g_2 \circ i$ and $m_2 = g_1 \circ j$,
as in the diagram below.

    R_1 <--- K_1 ---> L_1           L_2 <--- K_2 ---> R_2
     |        |          \         /          |        |
     |        |       m_1 \       / m_2       |        |
     v        v            v     v            v        v
    H_1 <--- D_1 --g_1-->     G     <--g_2-- D_2 ---> H_2

    (dashed arrows: i : L_1 -> D_2 and j : L_2 -> D_1)

Two direct derivations not being parallel dependent are called parallel independent.

Note that the non-existence of morphism i means that the application of rule $r_2$ deletes at least one
element which is required for the match of $r_1$ and vice versa for j.

Example 3 (Parallel Dependence). Figure 3 shows an example of two parallel dependent direct
derivations. The two symbolic rules $r_1 = (L_1 \leftarrow K_1 \rightarrow R_1, \Phi_1)$ and $r_2 = (L_2 \leftarrow K_2 \rightarrow R_2, \Phi_2)$ are shown in the
upper part of the figure. Both rules take a single graph node n with a single attribute (label node x); while
rule $r_1$ increases the value of the attribute by 1, rule $r_2$ adds 2 to the attribute value. The bottom part
of Figure 3 shows the application of the rules on the grounded symbolic graph SG. As the morphisms
$i : L_1 \to D_2$ and $j : L_2 \to D_1$ do not exist because of a missing labeling edge, the depicted direct
derivations are parallel dependent and, therefore, they are declared to be a conflict by parallel dependence.

Figure 3: Example of Parallel Dependent Direct Derivations.
Rule formulas: $\Phi_1 : \{x' = x + 1\}$, $\Phi_2 : \{x'' = x + 2\}$;
$\Phi_{H_1}, \Phi_{D_1}, \Phi_G, \Phi_{D_2}, \Phi_{H_2} : \{\ldots \wedge c_{42} = 42 \wedge c_{43} = 43 \wedge c_{44} = 44 \wedge c_{45} = 45 \wedge \ldots\}$.

However, if focusing on the intention of these rules, it seems rather intuitive that the direct derivations
are not a conflict as the operations expressed by the rules are commutative, i.e., $x + 1 + 2 = x + 2 + 1$.

Concluding our example, although this technique is practical, efficient and only the two direct
derivations are required for the decision process, it seems too strict (i.e., it produces too many false positives)
for the desired attributed setting. The problem is that using the notion of parallel dependence, two rules
are considered to have a (potential) conflict whenever an attribute is modified by one rule, that is
accessed by the other rule (as also stated in [7]). The root of the problem resides in the construction of
the underlying E-graphs, which do not reflect the intention of attribute operations, but rather delete and
recreate the labeling edges whenever a new value is assigned to an attribute.

3.2 Direct Confluence as an Improved Conflict Condition 

To overcome the deficiencies of parallel dependence as a conflict condition, we propose an alternative 
approach. Our proposal is based on the observation that the definition of conflicts (Def. 7) allows for 
directly checking if the different application sequences of the two rules result in isomorphic graphs. In 
particular, the proposed approach relies on our notion of direct confluence. To be more precise, two 
direct derivations which are not directly confluent are a conflict. 

The definition of direct confluence has to fulfill that (i) given a pair of direct derivations for two
rules $r_1$ and $r_2$ on the same input graph, there exist two derivation sequences (i.e. first $r_1$ and then $r_2$
and vice versa) whose resulting graphs are isomorphic and (ii) in both derivation sequences, the second
direct derivations preserve at least the same elements as the first direct derivations and send these to the same
elements in the common result.

Definition 9 (Direct Confluence). Given a pair of direct derivations $SH_1 \stackrel{r_1,m_1}{\Longleftarrow} SG \stackrel{r_2,m_2}{\Longrightarrow} SH_2$ with
$SG = (G, \Phi_G)$, $SH_1 = (H_1, \Phi_{H_1})$ and $SH_2 = (H_2, \Phi_{H_2})$ being symbolic graphs, they are directly confluent if
there exist direct derivations $SH_1 \stackrel{r_2,m_2'}{\Longrightarrow} SX_1$ and $SH_2 \stackrel{r_1,m_1'}{\Longrightarrow} SX_2$ such that

I. $SX_1 = (X_1, \Phi_{X_1})$ and $SX_2 = (X_2, \Phi_{X_2})$ are isomorphic, and

II. matches $m_1'$ and $m_2'$ are chosen in a way that (2), (3) and (4) commute, where (1) is the pullback
of $(SD_1 \to SG \leftarrow SD_2)$ and the graphs $SD_1$, $SD_2$, $SQ_1$ and $SQ_2$ are the context graphs of the
corresponding direct derivations.

[Diagrams: (a) Property I, (b) Property II]


Property I ensures that the given direct derivations are not a conflict. Property II serves as a means
of tracking for the matched elements after the direct derivations. This way, it is guaranteed that the
second direct derivations are applied to the images of the same elements as the first ones. In other words,
the symbolic graph SZ contains all elements from the input graph that are preserved by both original
direct derivations and the commuting rectangles of Property II guarantee that these elements are in the
context graphs of the second direct derivations and (through the lower rectangle) that they are embedded
in the resulting graph in the same way. In the following, when using the concept of direct confluence,
we always assume that the matches are chosen appropriately according to Property II. Note that the
definition of direct confluence is a specialization of strict confluence as defined in [4] (Def. 6.26), with
the lower transformation chains consisting of exactly one direct derivation.

Figure 4: Example of Direct Confluence.
Rule formulas: $\Phi_2 : \{x'' = x + 2\}$, $\Phi_1 : \{x' = x + 1\}$;
$\Phi_{Q_1}, \Phi_Z, \Phi_{Q_2} : \{\ldots \wedge c_{42} = 42 \wedge c_{43} = 43 \wedge c_{44} = 44 \wedge c_{45} = 45 \wedge \ldots\}$.


Example 4 (Direct Confluence as an Improved Conflict Condition). Figure 4 shows (in the top right
and top left corner) the results $SH_1$ and $SH_2$ of the alternative direct derivations $SH_1 \stackrel{r_1,m_1}{\Longleftarrow} SG \stackrel{r_2,m_2}{\Longrightarrow} SH_2$
presented in Example 3 (shown in Figure 3). On the bottom (from left to right), the symbolic rules
$r_2 = (L_2 \leftarrow K_2 \rightarrow R_2, \Phi_2)$ and $r_1 = (L_1 \leftarrow K_1 \rightarrow R_1, \Phi_1)$ are shown. In order to check direct confluence,
both rules are applied to $SH_1$ and $SH_2$, resulting in the direct derivations $SH_1 \Longrightarrow SX_1$ and $SH_2 \Longrightarrow SX_2$.
As grounded symbolic graphs $SX_1$ and $SX_2$ are isomorphic, direct confluence declares, in contrast to
parallel dependence, that the two alternative derivations $SH_1 \stackrel{r_1,m_1}{\Longleftarrow} SG \stackrel{r_2,m_2}{\Longrightarrow} SH_2$ are not a conflict.

We have shown that direct confluence as a conflict condition is in accordance with our notion of
conflicts and is, therefore, suitable for conflict detection in the presence of attributes. However, in most
applications, one is rather interested in a conflict detection on the level of rules instead of their
applications.

Figure 5: Example of a Critical Pair.
Rule formulas: $\Phi_1 : \{x' = x + 1\}$, $\Phi_2 : \{x'' = x + 2\}$;
$\Phi_{P_1}, \Phi_K, \Phi_{P_2} : \{x' = x + 1 \wedge x'' = x + 2\}$.

3.3 Lifting Conflicts to Rule Level 

In the following, we show how we lift our notion of direct confluence from the direct derivation level
to the rule level. As a starting point, we recall the well-known concept of critical pairs that is used to
lift the parallel dependence condition to the rule level. First, we adapt critical pairs to our setting of
symbolic graphs. Afterwards, we show that this criterion is too conservative; however, it is used as a first
necessary condition in the decision process because, if two rules are parallel independent, they are also directly
confluent (note that this does not necessarily hold the other way around). To improve conflict detection,
we proceed by showing how direct confluence can be lifted to an adequate rule conflict condition in the
presence of attributes.

A critical pair for two given rules consists of a minimal context and two parallel dependent direct 
derivations. A minimal context of two rules is a graph (i) on which both rules are applicable and (ii) which 
only contains elements being matched by at least one of the rules. The intention behind critical pairs 
essentially consists in identifying those minimal conflict instances representing each possible conflict 
of the rules on any possible input graph. Practically, this requirement means that whenever two direct 
derivations are a conflict on some graph SG, there is an element in the corresponding set of minimal 
conflict instances which is embedded in SG. Embedding one pair of direct derivations (with input graph 
SK) into another pair of direct derivations (with input graph SG) means that there exist monomorphisms 
from the graphs of the first pair of derivations to the graphs of the second one. 

The definition of critical pairs has only been considered in the framework of plain and attributed 
graphs before [4]. Nevertheless, it can be extended to symbolic graphs as follows. 

Definition 10 (Symbolic Critical Pair). A pair of symbolic rule applications $SP_1 \Longleftarrow SK \Longrightarrow SP_2$ with
rules $r_1 = (L_1 \leftarrow K_1 \rightarrow R_1, \Phi_1)$ and $r_2 = (L_2 \leftarrow K_2 \rightarrow R_2, \Phi_2)$ on the input graph $SK = (K, \Phi_K)$ is a
symbolic critical pair if it is parallel dependent, $\mathcal{D} \models (\Phi_K \Leftrightarrow o_{1,\Phi}(\Phi_1) \wedge o_{2,\Phi}(\Phi_2))$, and K is minimal
meaning that each E-graph element $ge \in K$ (i.e., node or edge in K) has a pre-image in the LHS of rule
$r_1$ or $r_2$, i.e., $ge \in o_1(L_1)$ or $ge \in o_2(L_2)$.

Example 5 (Symbolic Critical Pair). Figure 5 provides an example for a symbolic critical pair according
to Definition 10. Again, we consider the rules $r_1$ and $r_2$ shown in the upper part of the figure. Contrary to
the example for parallel dependence, the rules are now applied to the minimal context SK that contains
only the elements required for applying the rules $r_1$ and $r_2$. As the resulting pair of direct derivations
$SP_1 \Longleftarrow SK \Longrightarrow SP_2$ can be embedded into the direct derivations $SH_1 \Longleftarrow SG \Longrightarrow SH_2$ of Example 3,
the pair $SP_1 \Longleftarrow SK \Longrightarrow SP_2$ is a minimal conflict instance of the conflict $SH_1 \Longleftarrow SG \Longrightarrow SH_2$.

This example has shown that the parallel dependence condition can be lifted to rule level by the
concept of symbolic critical pairs. Analogously, we also lift the direct confluence condition to the level of
rules instead of direct derivations, using a construction similar to minimal contexts. Unfortunately, when
considering (general) symbolic graphs and symbolic graph transformation, a general problem arises
when checking direct confluence, as is illustrated in the following example.

Figure 6: Problem of Checking Direct Confluence.
Rule formula: $\Phi_2 : \{x'' = x + 2\}$; $\Phi_{P_1} : \{x' = x + 1 \wedge x'' = x + 2\}$.


Example 6 (Problem of Checking Direct Confluence). Figure 6 shows (in the upper part) the results
$SP_1$ and $SP_2$ of the alternative direct derivations $SP_1 \Longleftarrow SK \Longrightarrow SP_2$ presented in Example 5 (shown
in Figure 5). On the bottom (from left to right), the symbolic rules $r_2 = (L_2 \leftarrow K_2 \rightarrow R_2, \Phi_2)$ and
$r_1 = (L_1 \leftarrow K_1 \rightarrow R_1, \Phi_1)$ are shown. In order to check direct confluence, both rules have to be applied
to $SP_1$ and $SP_2$. However, this is not possible. If we want to find a symbolic match $o_2' : (L_2, \Phi_2) \to SP_1$
from the left-hand side of rule $r_2$ defined by $(L_2, \Phi_2)$ to the symbolic graph $SP_1 = (P_1, \Phi_{P_1})$, we have
to map label node x of $L_2$ to label node x' of $SP_1$. Mapping x of $L_2$ to x' of $SP_1$ introduces two problems.
The first problem is that no mapping of the label node x'' of $L_2$ to a label node in $SP_1$ exists such that
$\mathcal{D} \models (\Phi_{P_1} \Rightarrow o'_{2,\Phi}(\Phi_2))$. We can overcome this problem by assuming that $SP_1$ still includes an additional
variable, not assigned to any node or edge and not appearing in the formula of $SP_1$. Generally, we assume
from now on that a symbolic graph also contains an unlimited number of variables. Nevertheless, we
have a second problem: we still cannot apply $r_2$ to $SP_1$ because $x' = x + 1 \wedge x'' = x + 2$ does not imply
$\Phi_2$ which is $x''' = x' + 2$, where x''' is the new additional variable for mapping x'' of $L_2$ to $P_1$ (i.e.,
$o_2'(x'') = x'''$).

This problem in Example 6 can be solved by narrowing graph transformation [12]. Instead of
requiring that $\Phi_{P_1} \Rightarrow o'_{2,\Phi}(\Phi_2)$ holds before the transformation (as in the case of symbolic direct derivation),
in the narrowing case, the transformation of the E-graph part is performed first and, afterwards, the
satisfiability of $\Phi_{P_1} \wedge o'_{2,\Phi}(\Phi_2)$ is checked to ensure that the resulting symbolic graph has at least one
instance.

Definition 11 (Narrowing Graph Transformation [12]). Given a symbolic graph $SG = (G, \Phi_G)$, a
symbolic graph transformation rule $r = (L \leftarrow K \rightarrow R, \Phi)$ and an E-graph morphism $m : L \to G$, the narrowing
direct derivation of the rule r on SG at match m, denoted as $SG \rightsquigarrow_{r,m} SH$, leading to symbolic graph
$SH = (H, \Phi_H)$ is given by the (E-graph) double pushout diagram below:

    L <------- K -------> R
    |          |          |
    m   (1)    |   (2)    m'
    |          |          |
    v          v          v
    G <------- D -------> H

such that $\Phi_H := \Phi_G \wedge m_\Phi(\Phi)$ is satisfiable.

Now, we lift the notion of direct confluence to the rule level by using narrowing graph transformation. 

Definition 12 (Conflicting Pair). A symbolic critical pair $SCP = SP_1 \Longleftarrow SK \Longrightarrow SP_2$ is a conflicting
pair if there do not exist narrowing direct derivations $SP_1 \rightsquigarrow_{r_2,o_2'} SY_1$ and $SP_2 \rightsquigarrow_{r_1,o_1'} SY_2$ such that SCP
is directly confluent.

Having these new concepts at hand, we can now revisit the concurrent applications of Example 3 to 
see if a conflict detection based on conflicting pairs is now capable of handling that situation. 

Figure 7: Example of a Non-conflicting Pair

Example 7 (Non-conflicting Pair). Figure 7 depicts the construction process for a conflicting pair
according to Definition 12, where $SP_1$ and $SP_2$ are part of the critical pair $SP_1 \Longleftarrow SK \Longrightarrow SP_2$ derived in
Example 5 (Figure 5). Contrary to the previous example (Example 6) the rules $r_1$ and $r_2$ (depicted at
the bottom right and right of Figure 7, respectively) are now applied using narrowing transformation as
defined in Definition 11. We also assume that symbolic graphs $SP_1$ and $SP_2$ both include a new label
node x''', which is used as image of the label nodes x'' and x' in the (E-graph) matches $o_2' : L_2 \to P_1$ and
$o_1' : L_1 \to P_2$, respectively. These mappings are depicted by the captions [x'' → x'''] and [x' → x'''] at the
corresponding morphism arrows in Figure 7, respectively. The other mappings are depicted similarly, if
the mapping differs from the mapping given by the node identifiers. The graphs $SY_1$ and $SY_2$ contain the
results of the direct narrowing derivations of $r_1$ and $r_2$ at the matches $o_1'$ and $o_2'$. Consequently, the
formula $\Phi_{Y_1} := \Phi_{P_1} \wedge o'_{2,\Phi}(\Phi_2)$ can be simplified to $\Phi_{Y_1} := \{x' = x + 1 \wedge x'' = x + 2 \wedge x''' = x' + 2\}$ as we have
mapped x to x' and x'' to x'''. Having $\Phi_{Y_2}$ transformed similarly, we have $\Phi_{Y_1} := \{x''' = x + 1 + 2 \wedge x'' = x + 2\}$
and $\Phi_{Y_2} := \{x''' = x + 2 + 1 \wedge x'' = x + 2\}$ which are equivalent. Hence, symbolic graphs $SY_1$ and
$SY_2$ are isomorphic as both have the same graph structure and equivalent formulas.

Concluding the example, direct confluence as a conflict condition can be used on the rule level as 
well, if we adapt the way graph transformation is performed. 

Figure 8: Sketch of the Decision Procedure 


4 An Improved Conflict Detection Process based on Direct Confluence 

The notion of conflicting pairs (Def. 12) provides a basis for an improved conflict detection process. In 
this section, we describe this process. Thereupon, we show that the resulting set of conflicting pairs is 
complete in the usual sense, i.e., whenever there is a conflict, we have a conflicting pair embedded in the 
input graph, which represents the cause of the conflict [4]. 

A conflict detection based on conflicting pairs is not completely independent of a (classical) conflict 
detection based on critical pairs, but rather can be conceived as an extension to it. Such a conflict 
detection is performed on the rule level instead of the direct derivation level. Figure 8 summarizes the 
decision procedure. 

In particular, given a pair of symbolic rules $r_1 = (L_1 \leftarrow K_1 \rightarrow R_1, \Phi_1)$ and $r_2 = (L_2 \leftarrow K_2 \rightarrow R_2, \Phi_2)$, 
the overall process consists of the following steps: 

1. A symbolic critical pair (Def. 10) is constructed if possible, based on $L_1$, $L_2$ and the matches. If 
the graph parts of $L_1$ and $L_2$ are non-overlapping, or D ^ A 02,<i'(‘J*2) holds, there is no 
conflicting pair based on these two rules and the process terminates. Note that, for the E-graph part, 
there is always at least one minimal graph according to Def. 10. 

2. If an appropriate $SK = (K, \Phi_K)$ with a minimal $K$ has been found in step 1, the direct derivations 
$SK \overset{r_1,o_1}{\Longrightarrow} SP_1$ and $SK \overset{r_2,o_2}{\Longrightarrow} SP_2$ (with the unique matches $o_1$ and $o_2$) are to be checked for parallel 
dependence. In case they are parallel independent, there is no conflicting pair based on these two 
rules and the process terminates. 

3. The rules are applied in both sequences to $SK$; in case they are not directly confluent, then $SK$, the 
rules $r_1$ and $r_2$ and their (unique) matches constitute a conflicting pair. 
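
The attribute-level checks behind Example 7 and step 3 above, as an added example that is not code from the paper: it contrasts the implication test of symbolic direct derivation (Example 6) with the satisfiability test of narrowing, then compares $\Phi_{Y_1}$ and $\Phi_{Y_2}$. Assumptions: formulas are restricted to conjunctions of equations of the form a = b + c (richer attribute logics need an SMT solver), the names `Offsets`, `implies`, `project` and `non_conflicting` are hypothetical, and the unsimplified $\Phi_{Y_2}$ is reconstructed from the simplified form given in Example 7.

```python
class Offsets:
    """Weighted union-find over integer variables: val(v) = val(parent[v]) + off[v]."""
    def __init__(self, formula=()):
        self.parent, self.off, self.sat = {}, {}, True
        for lhs, rhs, c in formula:       # each triple asserts lhs = rhs + c
            self.add(lhs, rhs, c)

    def find(self, v):
        """Return (root, d) with val(v) = val(root) + d, compressing the path."""
        self.parent.setdefault(v, v)
        self.off.setdefault(v, 0)
        if self.parent[v] != v:
            root, d = self.find(self.parent[v])
            self.parent[v], self.off[v] = root, self.off[v] + d
        return self.parent[v], self.off[v]

    def add(self, lhs, rhs, c):
        (rl, dl), (rr, dr) = self.find(lhs), self.find(rhs)
        if rl == rr:                      # already related: consistent or contradictory
            self.sat = self.sat and dl == dr + c
        else:                             # val(rl) = val(rr) + dr + c - dl
            self.parent[rl], self.off[rl] = rr, dr + c - dl

def implies(premise, conclusion):
    """Check of symbolic direct derivation: premise => conclusion for all assignments."""
    uf = Offsets(premise)
    def forced(lhs, rhs, c):
        (rl, dl), (rr, dr) = uf.find(lhs), uf.find(rhs)
        return rl == rr and dl == dr + c
    return not uf.sat or all(forced(*eq) for eq in conclusion)

def project(formula, keep):
    """Canonical form restricted to the variables in keep; None if unsatisfiable."""
    uf, groups = Offsets(formula), {}
    if not uf.sat:
        return None
    for v in sorted(keep):
        root, d = uf.find(v)
        groups.setdefault(root, []).append((v, d))
    return {(v, m[0][0], d - m[0][1]) for m in groups.values() for v, d in m[1:]}

# Formulas of Example 7; a triple (a, b, c) encodes a = b + c.
PHI_P1 = [("x'", "x", 1), ("x''", "x", 2)]
O2_PHI2 = [("x'''", "x'", 2)]    # o'_2 applied to Phi_2, as given on the page
O1_PHI1 = [("x'''", "x''", 1)]   # assumed o'_1 applied to Phi_1 (Phi_P2 taken as Phi_P1)
KEEP = ("x", "x''", "x'''")      # variables of the page's simplified formulas
def non_conflicting(phi_y1=PHI_P1 + O2_PHI2, phi_y2=PHI_P1 + O1_PHI1):
    p1 = project(phi_y1, KEEP)       # narrowing needs a satisfiable result formula
    return p1 is not None and p1 == project(phi_y2, KEEP)
```

`implies(PHI_P1, O2_PHI2)` is false because the fresh variable x''' is unconstrained in $\Phi_{P_1}$, while the conjunction is satisfiable and both orders yield x''' = x + 3. With a constructed variant such as x''' = x'' + 5 in place of `O1_PHI1`, the projections differ and the pair is reported as conflicting.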

In the following, we prove that a conflict detection process defined this way is complete, i.e., when 
applied to a set of rules, the resulting set of conflicting pairs represents all possible conflict causes. This 
means that if for an arbitrary (symbolic) graph SG, two direct derivations are not directly confluent, then 
a corresponding conflicting pair is embedded within SG. In our proof, we rely on the construction of 
initial pushouts in symbolic graphs, analogously to the proof of Theorem 6.28 in [4]. 
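
Definition 13 (Construction of Initial Pushouts in Symbolic Graphs). The diagram below is an initial 
pushout in symbolic graphs if (i) the morphisms $b, c \in \mathcal{M}$, (ii) it is an initial pushout in E-graphs (see 
Def. 6.1 in [4]) and (iii) $\mathcal{D} \models (\Phi_B \Leftrightarrow \Phi_Y)$ and $\mathcal{D} \models (\Phi_C \Leftrightarrow \Phi_X)$. 

$$\begin{array}{ccc}
(B,\Phi_B) & \xrightarrow{\;b \in \mathcal{M}\;} & (Y,\Phi_Y) \\
{\scriptstyle a}\downarrow & (1) & \downarrow{\scriptstyle a'} \\
(C,\Phi_C) & \xrightarrow{\;c \in \mathcal{M}\;} & (X,\Phi_X)
\end{array}$$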

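Theorem 1 (Completeness of Conflicting Pairs). Given a grounded symbolic graph and a pair of not 
directly confluent direct derivations $Der_G = (SH_1 \overset{r_1,m_1}{\Longleftarrow} SG \overset{r_2,m_2}{\Longrightarrow} SH_2)$ of rules $r_1 = (L_1 \leftarrow K_1 \rightarrow R_1, \Phi_1)$ 
and $r_2 = (L_2 \leftarrow K_2 \rightarrow R_2, \Phi_2)$, there exists a conflicting pair $Der_K = (SP_1 \overset{r_1,o_1}{\Longleftarrow} SK \overset{r_2,o_2}{\Longrightarrow} SP_2)$ such that 
$Der_K$ can be embedded in $Der_G$ by $f : SK \to SG$, $g : SP_1 \to SH_1$ and $h : SP_2 \to SH_2$ shown in the diagram: 

[Diagram: embedding of $Der_K$ into $Der_G$ by $f$, $g$ and $h$] 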



Proof. First, we show that symbolic morphisms $f$, $g$ and $h$ exist. 

As $Der_G$ is not directly confluent, it has to be parallel dependent. Due to the completeness of critical 
pairs (Lemma 6.22 in [4]), there exists a critical pair $Der_K$ in E-graphs with E-graph morphisms $f$, $g$ and 
$h$. Consequently, assuming that $Der_K$ is a symbolic critical pair (according to Def. 10), we have to show 
that $f$, $g$ and $h$ are symbolic graph morphisms. 

Due to the existence of $Der_G$, we have $\mathcal{D} \models ((\Phi_G \Rightarrow m_{1,\Phi}(\Phi_1)) \wedge (\Phi_G \Rightarrow m_{2,\Phi}(\Phi_2)))$ which is 
equivalent to $\mathcal{D} \models (\Phi_G \Rightarrow (m_{1,\Phi}(\Phi_1) \wedge m_{2,\Phi}(\Phi_2)))$. From the minimality of critical pairs (i.e., $\mathcal{E}'$–$\mathcal{M}'$ 
pair factorization [4]), it follows that $m_{1,\Phi} = f_\Phi \circ o_{1,\Phi}$ and $m_{2,\Phi} = f_\Phi \circ o_{2,\Phi}$, so we have $(m_{1,\Phi}(\Phi_1) \wedge 
m_{2,\Phi}(\Phi_2)) \Leftrightarrow (f_\Phi(o_{1,\Phi}(\Phi_1)) \wedge f_\Phi(o_{2,\Phi}(\Phi_2)))$. By factoring out $f_\Phi$, we get $f_\Phi(o_{1,\Phi}(\Phi_1) \wedge o_{2,\Phi}(\Phi_2)) \Leftrightarrow 
f_\Phi(\Phi_K)$. Hence, $\mathcal{D} \models (\Phi_G \Rightarrow f_\Phi(\Phi_K))$ and, thus, $f$ is a symbolic graph morphism. 

To show that $g$ and $h$ are symbolic graph morphisms, we require $(\Phi_{H_1} \Leftrightarrow \Phi_{H_2} \Leftrightarrow \Phi_G)$ and $(\Phi_{P_1} \Leftrightarrow 
\Phi_{P_2} \Leftrightarrow \Phi_K)$ as well as $(f_\Phi = g_\Phi = h_\Phi)$, which are consequences of Fact 1. If $\mathcal{D} \models (\Phi_G \Rightarrow f_\Phi(\Phi_K))$, also 
$\mathcal{D} \models (\Phi_{H_1} \Rightarrow g_\Phi(\Phi_{P_1}))$ and $\mathcal{D} \models (\Phi_{H_2} \Rightarrow h_\Phi(\Phi_{P_2}))$; hence, $g$ and $h$ are symbolic graph morphisms. 

We prove the rest of the theorem by contradiction. Let us suppose that there exist no symbolic 
direct derivations $SH_1 \overset{r_2,m'_2}{\Longrightarrow} SX_1$ and $SH_2 \overset{r_1,m'_1}{\Longrightarrow} SX_2$ with $SX_1$ and $SX_2$ being isomorphic, whereas, for the 
narrowing direct derivations $SP_1 \rightsquigarrow_{r_2,o'_2} SY_1$ and $SP_2 \rightsquigarrow_{r_1,o'_1} SY_2$, it holds that $SY_1$ and $SY_2$ are isomorphic. 
In order to prove that this supposition is indeed a contradiction, it suffices to show that if $SY_1$ and $SY_2$ are 
isomorphic, then $SH_1 \overset{r_2,m'_2}{\Longrightarrow} SX_1$ and $SH_2 \overset{r_1,m'_1}{\Longrightarrow} SX_2$ exist, and $SX_1$ and $SX_2$ are isomorphic. 





In the following, we rely on the technique used in the proof of the Local Confluence Theorem 
(Theorem 6.28 in [4]), which is based on initial pushouts. We adapt this procedure to our setting of symbolic 
graphs with $\mathcal{M}$-morphisms. Analogously to that proof, we first create an initial pushout over the 
morphism $f$ according to Def. 13. The pullback object defined in Property 11 of direct confluence (Def. 9) 
together with the closure property of initial pushouts (Lemma 6.5 in [4]) ensure that for each of the 
embedding morphisms, we have an initial pushout with $a : SB \to SC$. The diagram below shows the last 
step of this construction. As symbolic graphs with $\mathcal{M}$-morphisms constitute an adhesive HLR category 
[4], we only have to show that the results of the narrowing transformations are compatible with the 
construction of initial pushouts. 

In particular, we have to show that if (2a) is an initial pushout in symbolic graphs, then (1a) is a 
pushout in symbolic graphs. 


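[Diagram (2a): square with top row starting at $SB$ and left morphism $a$] 

$$\begin{array}{ccc}
SB & \xrightarrow{\;b'_1 \circ b_1\;} & SY_1 \\
{\scriptstyle a}\downarrow & (1a) & \downarrow{\scriptstyle p} \\
SC & \xrightarrow{\;c'_1 \circ c_1\;} & SX_1
\end{array}$$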


As (1a) is a pushout in E-graphs, this statement is equivalent to show that (i) morphisms $c'_1 \circ 
c_1$ and $b'_1 \circ b_1$ are symbolic graph morphisms and (ii) for the pushout (1a), $\mathcal{D} \models (\Phi_{X_1} \Leftrightarrow (p_\Phi(\Phi_{Y_1}) \wedge 
c'_{1,\Phi}(c_{1,\Phi}(\Phi_C))))$ holds. 

(i). Since $c_1$ and $c'_1$ are both in $\mathcal{M}$, we can assume (without loss of generality) that $\Phi_C$ and $\Phi_{X_1}$ are 
the same formulas, and V(? = are the same sets of variables. Hence, $c'_{1,\Phi} \circ c_{1,\Phi}$ is the identity and, 
therefore, it is a symbolic graph morphism as $\mathcal{D} \models (\Phi_{X_1} \Rightarrow c'_{1,\Phi}(c_{1,\Phi}(\Phi_C)))$ trivially holds. For morphism 
$b'_1 \circ b_1$, we have to show that $\mathcal{D} \models (\Phi_{Y_1} \Rightarrow b'_{1,\Phi}(b_{1,\Phi}(\Phi_B)))$ holds. By the definition of narrowing graph 
transformation, we have $\Phi_{Y_1} := \Phi_{P_1} \wedge o'_{2,\Phi}(\Phi_2)$. It follows from the existence of the initial pushout 
$(SC \leftarrow SB \rightarrow SP_1)$ that $\Phi_B \Leftrightarrow \Phi_{P_1}$ and hence, we have that $\mathcal{D} \models (\Phi_{Y_1} \Rightarrow b'_{1,\Phi}(b_{1,\Phi}(\Phi_B)))$ is equivalent 
to $\mathcal{D} \models ((\Phi_{P_1} \wedge o'_{2,\Phi}(\Phi_2)) \Rightarrow b'_{1,\Phi}(b_{1,\Phi}(\Phi_B)))$ which holds as $b_1$ and $b'_1$ are both in $\mathcal{M}$ and, therefore, 
$b'_{1,\Phi} \circ b_{1,\Phi}$ is the identity. 

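(ii). $\Rightarrow$: We have to show that $\mathcal{D} \models (\Phi_{X_1} \Rightarrow p_\Phi(\Phi_{Y_1}))$ and $\mathcal{D} \models (\Phi_{X_1} \Rightarrow c'_{1,\Phi}(c_{1,\Phi}(\Phi_C)))$ holds. While 
the latter has been already shown above, it remains to show that $\mathcal{D} \models (\Phi_{X_1} \Rightarrow p_\Phi(\Phi_{Y_1}))$. With $\Phi_{Y_1} := 
\Phi_{P_1} \wedge o'_{2,\Phi}(\Phi_2)$ (from the definition of narrowing transformation), we have $(\Phi_{X_1} \Rightarrow p_\Phi(\Phi_{Y_1})) \Leftrightarrow (\Phi_{X_1} \Rightarrow 
p_\Phi(\Phi_{P_1} \wedge o'_{2,\Phi}(\Phi_2)))$ which is equivalent to $(\Phi_{X_1} \Rightarrow p_\Phi(\Phi_{P_1})) \wedge (\Phi_{X_1} \Rightarrow p_\Phi(o'_{2,\Phi}(\Phi_2)))$. Due to Fact 1, 
we have by the construction of the symbolic direct derivation $SH_1 \Rightarrow SX_1$ that $\Phi_{X_1} \Leftrightarrow \Phi_{H_1}$ holds; 
therefore, $\mathcal{D} \models (\Phi_{X_1} \Rightarrow p_\Phi(\Phi_{P_1}))$ is equivalent to $\mathcal{D} \models (\Phi_{H_1} \Rightarrow g_\Phi(\Phi_{P_1}))$, which is given by the existence 
of the symbolic graph morphism $g : SP_1 \to SH_1$. It remains to show that $\mathcal{D} \models (\Phi_{X_1} \Rightarrow p_\Phi(o'_{2,\Phi}(\Phi_2)))$ 
which can be reformulated as $\Phi_{X_1} \Rightarrow m'_{2,\Phi}(\Phi_2)$ using $p_\Phi \circ o'_{2,\Phi} = m'_{2,\Phi}$. The implication $\mathcal{D} \models (\Phi_{X_1} \Rightarrow 
m'_{2,\Phi}(\Phi_2))$ holds due to the existence of the symbolic graph morphism $m'_2$. 

(ii). $\Leftarrow$: By the construction of initial pushouts, we have that c\ ^Xi and hence 

$p_\Phi(\Phi_{Y_1}) \wedge c'_{1,\Phi}(c_{1,\Phi}(\Phi_C))$ 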

We can show in the same way that (1b) is a pushout in symbolic graphs as well. It follows from the 
uniqueness of the pushout object that if $SY_1$ and $SY_2$ are isomorphic, so are $SX_1$ and $SX_2$. 

This way, we have shown that our supposition contains a contradiction and, therefore, if $Der_G$ is not 
directly confluent, then $Der_K$ is a conflicting pair which can be embedded into $Der_G$. 

□ 

This proof shows that our proposed notion of conflicting pairs effectively represents the minimal 
conflict instances based on direct confluence and, thus, provides a means to lift conflict detection to rule 
level. Moreover, the general nature of the proof also demonstrates that the proposed technique is not 
restricted to the attributed setting used as motivation. In fact, direct confluence and conflicting pairs can 
be effectively used as an incremental extension of the existing conflict results for plain graphs as well. 

5 Related Work 

Symbolic graphs. Symbolic graphs and symbolic graph transformation have been introduced by Orejas 
and Lambers in [11, 12] as a generalized and convenient representation for attributed graphs and 
attributed graph transformation. However, a proper notion of conflicts and a corresponding conflict 
detection process have not been considered in this framework. 

Conflicts. The concept of conflicts has been adopted to graph transformation with negative application 
conditions and to attributed graph transformation with inheritance [8, 6]. In contrast to the proposed 
technique, these approaches rely on the notion of parallel dependence for determining conflicts. As a 
consequence, they still recognize a conflict whenever two rules access the same attribute and at least one 
modifies its value (regardless of the semantics of the access operations actually performed). 

The concept of local confluence, which is a generalization of direct confluence, has its origins in term 
rewriting systems. The applicability of local confluence to attributed graph transformation is shown in 
[7]. However, in contrast to direct confluence, local confluence is undecidable even for graphs without 
attributes. Additionally, the transformation of term attributed graphs, which is required to check local 
confluence, requires term unification to be performed at every derivation step. In contrast, in the symbolic 
case, the formula is constructed stepwise at the syntactical level and is validated afterwards, e.g., 
by using off-the-shelf SMT solvers. 

Refining conflict detection. To the best of our knowledge, the only approach except for ours to formally 
capture and extend the notion of critical pairs is that of Lambers et al. [9]. They also try to narrow the 
set of actual conflicts, however, their approach is based on directly expressing the actual conflict cause 
by means of categorical notions and not on giving a new condition for checking which conflicts are 
considered relevant. 

From a practical perspective, the approach of Cabot et al. [1] presents a fully-fledged graph 
transformation tool framework which also incorporates an analysis of graph transformation rules to verify 
certain properties, where their concept of conflict and independence strongly corresponds to our notion 
of direct confluence. The authors also remark that, similar to our technique, they only have to test the 
minimal models for those properties. Nevertheless, the approach of [1] is completely practical and it is 
based on a preceding translation of the rules into OCL expressions and, therefore, the theoretical aspects 
of our approach are not considered at all. 

6 Conclusion 

In this paper, we have proposed an improved conflict detection procedure for graph transformation with 
attributes. Our approach uses symbolic graphs as a framework and is based on the notion of conflicts 
and direct confluence. This way, we are able to explicitly take the intention of the attribute operations 
during conflict detection into account and to potentially exclude some false positive conflicts, emerging 
from the conservative conflict condition of earlier approaches, while still retaining completeness. 

Based on this formal framework, we aim at implementing the approach using an off-the-shelf SMT 
solver, e.g., Z3, MathSAT or SMTInterpol [10, 3, 2] and perform experiments regarding applicability 
and performance. Furthermore, we plan to apply this implementation to conduct case studies comprising 
modeling languages apparent in model-driven engineering. 